Here´s an excerpt from Wikipedias definition of Separation of Duties:
In information systems, segregation of duties helps reduce the potential damage from the actions of one person. IS or end-user department should be organized in a way to achieve adequate separation of duties. According to ISACA's Segregation of Duties Control matrix , some duties should not be combined into one position. This matrix is not an industry standard, just a general guideline suggesting which positions should be separated and which require compensating controls when combined.
Separation of duties should prevent any individual to have access to a single complete system.
With RES Dynamic Desktop Studio, life will become a lot easier. You can make sure users only can access applications tied to their duties, and when they have to perform these duties, an approval process need to take place.
In this demo I show how this could work.
Please visit RES Software for more information about RES Dynamic Desktop Studio.